Several concepts within the field and problems associated therewith are introduced and discussed below in no particular order.
There is the notion of a LiveCD. A LiveCD is a bootable compact disc (CD) containing all of the code necessary to boot a regular operating system on a computer or similar device that may not have a hard drive (or other storage hardware) available for permanent storage. LiveCD technology is also used to recover a copy of an operating system that resides on the permanent storage hardware within a computer or similar device but is damaged, corrupted, or otherwise inaccessible through normal operation. Another typical use for LiveCD technology is to initialize a temporary operating system for experimental purposes such as testing it in a trial-mode before buying or installing a final copy of the operating system. Typical configurations of LiveCD and similar LiveMedia and other technologies tend to include as many applications, services, and/or features as possible for convenience to clients. However, the more of these capabilities included natively within the hardware, firmware, and/or software components, the greater the potential for vulnerabilities and other security issues.
There is the concept of virtualization. Virtualization is generally the capability for multiple different operating systems to coexist on the same hardware simultaneously. For example, a computer hardware system can have two instances of a particular vendor's operating system and a separate instance of a different vendor's operating system functioning at the same time. These virtual environments, depending on their configuration, may be aware of each other or can be restricted to only know about their individual instance. However, simply utilizing virtualization technology cannot guarantee the valid operation of the virtual environment. For example, an attacker that executes a malicious code at the virtualization management layer (or lower) can defeat all the security protections afforded by a virtualized environment.
Another concept is that of utilizing Secure Sockets Layer (SSL) or similar communications protocol for encrypted web browsing and similar activities. While this protocol and a similar one called Transport Layer Security (TLS) support client authentication, it is industry practice to only validate the server end of the communication channel. This is the traditional operation because distribution of unique authentication key information to one-time-use clients is extremely time consuming, technically difficult, potentially costly, etc. Moreover, client authentication only marginally increases the security of the communication channel, if it improves security at all. The main benefit of SSL and similar technologies is that the client can be relatively certain that the server-end of the communication channel is who they expect it to be and that all communications over the connection are encrypted to protect against eavesdropping. However, an attacker who has software running within the systems at either end of the communication channel can trivially read all information that transits this communication channel before and/or after transmission or reception.
Another concept is that of multi-factor user authentication. Traditionally, multi-factor authentication measures any two or all three of: something you have, something you know, and/or something you are. Something you have could be a piece of hardware such as a credit card. Something you know could be a personal identification number (PIN) or password. Lastly, something you are could be a physical trait like a fingerprint, which would ideally be unique for each client. While this can provide a level of client authentication, it is insufficient insomuch as it relies on an honest, trustworthy individual. A fingerprint can be attained from a doorknob or a drinking glass at a restaurant. A PIN can be recorded via a video capture device. A credit card can be physically stolen. Thus, even if all three factors were imposed to authenticate a client, a single adversary can defeat this security posture by employing the tactics described above.
Another concept is that of a hardened host. A hardened host is a specific system configuration, usually done in software, which reduces the potential attack surface of the host. This can be achieved by removing unneeded applications, turning off unused services, configuring firewall rules, enabling SELinux (on supported Linux-based systems), etc. While there is less potential for weaknesses and vulnerabilities, some services and many applications will remain enabled and activated within the system. These services and applications are still subject to any exploits that were developed against those components, thus exposing even a hardened host to attack.
While this is not an exhaustive list of typical security-related technologies and products, this represents many branches that the industry has taken to address security concerns. There are several flaws that these technologies contain, whether operating individually or bundled together. The following demonstrates a non-exhaustive list of disadvantages that these and related industry products may contain.
The above mentioned and other similar technologies generally trust the human invoking and utilizing the operating environment. While most users may not be malicious, some undoubtedly are. Some examples of these are hackers, scammers, phishers, terrorists, disgruntled employees, unsatisfied customers, etc. Since, for the most part, the owner of a computing system is the client, most service providers are at the will of the client to behave appropriately. It is very difficult, if not impossible, for a service provider to control every client that may try to access the corporate systems and infrastructure. This is specifically true in the case where the client is really an attacker who may only acquire client status as a method of accessing corporate resources.
Another flaw is that these and other similar technologies implicitly and/or explicitly trust most, if not all, of the hardware within the client's operating environment. These hardware components include: network cards, processors, hard drives, keyboards, removable storage devices, the BIOS, etc. While this is not an exhaustive list of the hardware components available within most modern systems, nearly all products (whether security products or regular applications) trust the hardware to act in a good-faith manner. However, hacker, malware, organized crime, and other actors are becoming ever more sophisticated. Hackers have trivially demonstrated the capability of corrupting nearly every hardware, firmware, and software component within modern computers, cell phones, PDAs, and similar devices. For example, at several recent BlackHat conferences, hackers have demonstrated the ability to rewrite the Basic Input/Output System (BIOS) of various computer systems. The BIOS is so important that if it were to malfunction the entire system could be unusable without great time and cost to the owner. Moreover, the recovery of the system generally requires returning the computing system to the manufacturer for repair. As demonstrated at BlackHat, a crafty hacker could write remote control code into a system's BIOS and gain permanent access to the system even if the system's hard disk, processor, random access memory (RAM), DVD-ROM, and network card were all replaced with known good hardware components.
Another issue that these and other similar technologies have a tendency to share in common is that they are tailored to a specific use. That is, they are generally designed for a single purpose and deviations from that purpose either invalidate their security or simply are not possible and would crash or otherwise disable the technology. For instance, a LiveCD is statically configured to provide a specific set of services and cannot be modified without creating an entirely new LiveCD. This process often requires the advanced skills of a computer technician. Additionally, redistribution of this new LiveCD to all clients would be costly, time consuming, and may not be possible within acceptable business constraints.
Another issue is the industry mindset of “security as an afterthought.” This practice has become the norm because for most companies profit is the bottom line. Thus, if it costs more to implement security, security will not be implemented. If security causes the product to work more slowly, or otherwise cause discomfort to the client, security will not be implemented. There are many other reasons why security is added to system after the main service of the product is completed. However, as has been shown countless times, the “patching” of products to add security rarely results in a significant improvement of the product's security. In fact, it is often the case that a false sense of security is assumed because a new password box was added, or encryption was used to wrap some critical data, etc. In reality, these new features introduced more areas for hackers and other malicious users to defeat the system and go undetected.
Another drawback of these and other similar services and technologies is that they are typically designed for a single operating environment. For instance, they may operate on the local hardware system as either a stand-alone environment or a remote access client, but are incapable of switching between various modes. Additionally, many of these technologies require an active network connection, which is usually an Internet connection, to download updates, access configuration information, etc. For a product designed for stand-alone mode, this could be very difficult if not impossible (depending on the configuration of the system).
Another shortcoming of the aforementioned technologies is their ability to unintentionally or intentionally access the client's personal data with our without the client's consent. This can lead to data corruption and if a client does not have a backup of the data it could be lost forever. Additionally, it could lead to leak of information that the client does not intend to share with others and could violate privacy laws.
Not necessarily every product or service in existence suffers from all the above listed disadvantages. However, current products or services suffer from at least one security flaw or other operational disadvantage including those that are not discussed herein in detail. Moreover, most product vendors and service providers intentionally cover-up instances of security weaknesses as it would undoubtedly hurt their corporate image. Lastly, other issues exist that weaken the trust, security, or verifiability of these devices and samples of these issues will be discussed when appropriate.
Although some types of security technologies are available, there is a need for a system and method that addresses the above and other weaknesses of existing security technologies.